Philippine financial service firm flags data breach affecting 900, 000 clients

[Audrey McNeil <audrey () riskbasedsecurity com>]

https://www.reuters.com/article/us-philippines-cebuanalhuillier-data-idUSKCN1PD078

Cebuana Lhuillier, a Philippine financial service provider, said on
Saturday that the data of 900,000 clients had been accessed without
authorization and that it had already alerted authorities to investigate
the incident.

The breach came as Philippine investigators were looking into allegations
by the country’s foreign minister last week that a privately contracted
firm took away documents and data from the Department of Foreign Affair’s
passport database.

Cebuana Lhuillier, whose services include pawning, remittance,
microinsurance, and business to business micro loan solutions, said some
information like birthdays, addresses and sources of income, were affected
in the breach involving an email server used for marketing.

“It’s just a very small portion of our clientele. The main server
containing all clients of Cebuana Lhuillier remains protected and
uncompromised”, said Richard Villaseran, the company’s corporate
communications division head.

He added the company’s clients had been advised how to further protect
their personal information.

_______________________________________________
BreachExchange mailing list sponsored by Risk Based Security
BreachExchange () lists riskbasedsecurity com

If you wish to Edit your membership or Unsubscribe you can do so at the following link:
https://lists.riskbasedsecurity.com/listinfo/breachexchange